# Copyright 2026 zhaoxi826 # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. from kilostar.core.postgres_database.model.user import User from sqlalchemy import select from kilostar.utils.error import UserNotExistError, UserPasswordError from kilostar.core.postgres_database.database_exception import database_exception from kilostar.core.postgres_database.model.user import UserAuthority from kilostar.utils.access import Accessor class AuthDatabase: """User 表的 DAO:注册、登录、改密、删除以及权限读写。""" def __init__(self, async_session_maker): self.async_session_maker = async_session_maker @database_exception async def add_user(self, user_name: str, hashed_password: str) -> User: """新建一名用户;若当前库中尚无任何用户,第一名将被自动赋予 SUPER_ADMINISTRATOR 权限。""" from ulid import ULID async with self.async_session_maker() as session: # Check if any users exist statement = select(User).limit(1) results = await session.execute(statement) existing_user = results.first() authority = UserAuthority.USER if existing_user is None: authority = UserAuthority.SUPER_ADMINISTRATOR user = User( user_id=str(ULID()), user_name=user_name, hashed_password=hashed_password, user_authority=authority, ) session.add(user) await session.commit() await session.refresh(user) return user @database_exception async def change_password(self, user_name, old_password, new_password) -> User: """校验旧密码后将其替换为新密码;旧密码不匹配抛 UserPasswordError。""" async with self.async_session_maker() as session: statement = select(User).where(User.user_name == user_name) results = await session.execute(statement) user = results.scalar_one_or_none() if user is None: raise UserNotExistError() if not Accessor.verify_password(old_password, user.hashed_password): raise UserPasswordError() user.hashed_password = Accessor.hash_password(new_password) session.add(user) await session.commit() await session.refresh(user) return user @database_exception async def delete_user(self, user_name: str) -> None: """按用户名删除一名用户,不存在则抛 UserNotExistError。""" async with self.async_session_maker() as session: statement = select(User).where(User.user_name == user_name) results = await session.execute(statement) user = results.scalar_one_or_none() if user is None: raise UserNotExistError() session.delete(user) await session.commit() @database_exception async def delete_user_by_id(self, user_id: str) -> None: """按用户 ID 删除一名用户,不存在则抛 UserNotExistError。""" async with self.async_session_maker() as session: user = await session.get(User, user_id) if user is None: raise UserNotExistError() session.delete(user) await session.commit() @database_exception async def login_user(self, user_name: str) -> str: """按用户名查出 User 记录返回给上层;上层再做密码校验并签发 token。""" async with self.async_session_maker() as session: statement = select(User).where(User.user_name == user_name) results = await session.execute(statement) user = results.scalar_one_or_none() if user is None: raise UserNotExistError() return user @database_exception async def get_all_users(self) -> list[User]: """返回数据库中全部用户列表。""" async with self.async_session_maker() as session: statement = select(User) results = await session.execute(statement) users = results.scalars().all() return list(users) @database_exception async def get_user_authority(self, user_id: str) -> UserAuthority: """返回指定用户的 UserAuthority 枚举;不存在抛 UserNotExistError。""" async with self.async_session_maker() as session: user = await session.get(User, user_id) if user is None: raise UserNotExistError() return user.user_authority @database_exception async def change_user_authority( self, user_id: str, new_authority: UserAuthority ) -> User: """ Changes the authority level of a specific user. Args: user_id: The ID of the user whose authority is to be changed. new_authority: The new authority level to assign to the user. Returns: User: The updated user object. Raises: UserNotExistError: If the specified user does not exist. """ async with self.async_session_maker() as session: user = await session.get(User, user_id) if user is None: raise UserNotExistError() user.user_authority = new_authority session.add(user) await session.commit() await session.refresh(user) return user